[Samba] LDAP Master/Slave
rruegner
robert at ruegner.org
Wed Aug 18 22:11:09 GMT 2004
That's right.
Regards
Jason C. Waters wrote:
> I don't think this is a solution. If I understand what you were saying,
> on the BDC I should have this as the passwd backend:
>
> passwd backend = ldapsam:"ldaps://ldap.server2 ldaps://ldap.server1"
>
> server2 - the BDC and ldap slave which is read only
> server1 - is the PDB and has the ldap master which users can read/write,
> so they could update their passwords.
>
> If I have it set up this way, the users that are on the other side will never
> be able to update their passwords, at least on that leg of the VPN. Or
> maybe I'm just thinking about this the wrong way.
>
> Jason
>
> rruegner wrote:
>
>> Hi,
>> if you want the bdc to stay alive in cases
>> when the vpn breaks, then in your bdc smb.conf
>> your slave ldap should be the first entry in the passwd backend,
>> so if the vpn breaks, the slave ldap operates with its last
>> entries from the master and will give the win clients a chance
>> to operate just as if the pdc is alive.
>> If the vpn is up again, the ldap should refresh the slave automatically.
>> But note, a bdc is read only, so changes can only be made to the master
>> ldap on the pdc. So no changes can be made to the domain during the
>> blackout period.
>> If you want a fully functional bdc, you should also set up user clients
>> homes and profiles in your outside ( vpn ) office hosted on the bdc.
>> ( a separate dhcp server and a bind slave with longtime zone caching
>> is very useful, too )
>>
>> Regards
>>
>> Jason C. Waters wrote:
>>
>>> Is anyone using this? My smb.conf file has this line in server1(master)
>>>
>>> passwd backend = ldapsam:"ldaps://ldap.server1 ldaps://ldap.server2"
>>>
>>> and this is what server2(slave ldap, BDC) looks like:
>>>
>>> passwd backend = ldapsam:"ldaps://ldap.server1 ldap.server2"
>>>
>>> This is what happens. When I take down server 1's ldap server,
>>> server2 just starts using its local ldap server. But if I take down
>>> the VPN between the two, I try the same test, pdbedit -L, it works
>>> but it takes about 6 seconds for it to time out on server1. Is this
>>> normal or do I need to change some DNS setting? Thanks for your help.
>>>
>>> Jason
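Added example (not part of the original thread, and not Samba code): a Python check over the three passwd backend lines quoted above. It flags a URI that lacks a scheme and a BDC line whose local replica is not listed first, as the reply recommends. The function names and the local_host parameter are assumptions made for this example.

```python
import re
from urllib.parse import urlparse

# Constructed sample input: the three "passwd backend" lines quoted in the thread.
SAMPLES = {
    "pdc": 'passwd backend = ldapsam:"ldaps://ldap.server1 ldaps://ldap.server2"',
    "bdc_posted": 'passwd backend = ldapsam:"ldaps://ldap.server1 ldap.server2"',
    "bdc_suggested": 'passwd backend = ldapsam:"ldaps://ldap.server2 ldaps://ldap.server1"',
}

LINE_RE = re.compile(r'^\s*passwd backend\s*=\s*ldapsam:"?([^"]*)"?\s*$', re.I)


def ldapsam_uris(line):
    """Return the ordered, space-separated LDAP URIs of an ldapsam backend line."""
    match = LINE_RE.match(line)
    if not match:
        raise ValueError("not an ldapsam passwd backend line")
    return match.group(1).split()


def check_backend(line, local_host=None):
    """Return findings for one line; an empty list means nothing was flagged.

    local_host (hypothetical parameter): hostname of the LDAP replica that runs
    on the same site as this Samba server, which should be tried first.
    """
    findings = []
    uris = ldapsam_uris(line)
    for uri in uris:
        scheme = urlparse(uri).scheme
        if scheme not in ("ldap", "ldaps", "ldapi"):
            findings.append(f"{uri}: missing ldap/ldaps scheme")
        elif scheme == "ldap":
            findings.append(f"{uri}: unencrypted unless StartTLS is configured")
    if local_host and uris and urlparse(uris[0]).hostname != local_host:
        findings.append(
            f"first entry is not {local_host}: a VPN outage costs a timeout per lookup"
        )
    return findings


if __name__ == "__main__":
    for name, line in SAMPLES.items():
        local = "ldap.server2" if name.startswith("bdc") else None
        print(name, check_backend(line, local_host=local) or "ok")
```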